SoftNAS guidance on the Spectre/Meltdown CPU Vulnerability

Owned by Admin
Last updated: Jan 16, 2020 by Former user (Deleted)Version comment
1 min read

SoftNAS is aware of and has been monitoring the issues related to the CPU Vulnerabilities (Spectre and Meltdown) and is providing the below guidance and direction to SoftNAS customers.  More details on the vulnerability can be found online, including the Google Project Zero team analysis at https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html.

Information

SoftNAS is including kernel updates in the latest (3.7) release for the Spectre and Meltdown vulnerabilities. As the SoftNAS virtual appliance runs in a VM within the Azure, AWS, or VMWare environment, this kernel update and the fixes provided by each platform will mitigate the risk. As such, no action beyond upgrading to the latest version of SoftNAS® is necessary. SoftNAS will provide any update to this guidance in the near future should this guidance change.

Step-by-step Insctructions

Public-Cloud platforms:

At this time SoftNAS feels there are no further steps needed.

VMWare: Please follow the instructions provided by VMWare here:  https://www.vmware.com/security/advisories/VMSA-2018-0002.html

AWS: https://aws.amazon.com/security/security-bulletins/AWS-2018-013/

Azure: https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/

VMWare: https://www.vmware.com/security/advisories/VMSA-2018-0002.html